In the Boxing Ring
Newsletter
Global security issues and technical news from Network Box CTO, Mark Webb-Johnson.
Latest Edition:
April 2024
This month, we are talking about CVE-2024-3094, which has the open source community and news wires buzzing. RedHat has classified the flaw as 10.0 (most critical). If successful, it would allow a trojan horse to be planted in a library to go after a bigger target. So what exactly is the problem, and what is its impact on the open source community? On pages 2 to 3, we break it down and discuss in greater detail.
In other news, Network Box Singapore won the Best Value Cyber Security Solutions Company award at the APAC Business Client Service Excellence Award 2024. Additionally, Network Box Hong Kong assisted the Police Force in performing Red Teaming on the Police’s Scameter+ App. And in this month’s Technology Focus, we are spotlighting the Network Box Mobile SIEM+ App. Available for both Apple iOS and Android-based mobile devices, the App provides secure access to administer Network Box managed services.
In the Boxing Ring
2024
March 2024
Seeing Red…
Network Box Red Team Services
This month, Network Box Red Team’s Managing Consultant, Richard Stagg, introduces Network Box Red Team Services. Businesses understand the need for “defensive security” very well. They will spend wisely on firewalls, endpoint protection, SIEM, MDM, and whatever else they need to deter attacks, detect breaches, respond and recover. However, it is far less common for an organization to actively hunt for weaknesses that a skilled threat actor could exploit. This is why Network Box is now offering “offensive security” services. On pages 2 to 3, we discuss this in greater detail.
In other news, Network Box Germany has been awarded the TeleTrusT - IT Security made in Germany trust seal. Additionally, Network Box’s ISO/IEC 27001 certification has been audited and upgraded to the latest standard. And finally, starting this month, Network Box is introducing a new feature titled Technology Focus. This monthly feature will highlight a different aspect of Network Box services. For this month, we will be turning the spotlight on External View Security Scans.
February 2024
Ransomware Delivery Protocol (RDP) and others
This month, we are talking about Ransomware Delivery Protocol (RDP) and others. Whilst this is a play on words for Remote Desktop Protocol, the security risks that it represents cannot be overlooked. Among every ransomware case that Network Box has been called in to assist with over the past five years, RDP has been the #1 mechanism for network infiltration and eventual ransomware delivery. Whilst being the worst offender, RDP is far from the only problematic such service. On pages 2 to 3, we discuss this in greater detail and provide a few best practices to alleviate these threats.
In other news, Network Box’s Managing Director, Michael Gazeley, participated in a cybersecurity panel discussion titled, Building Network Security Barriers Together - Creating a New Chapter for Smart Cities. Additionally, as a special end-of-year summary, Network Box has compiled all the key events of the last year in the 2023 edition of Year in Focus. And in this month’s Global Security Headlines, there were security issues with Cisco, TeamViewer, Ivanti, and Cloudflare.
January 2024
January 2024 enhancements of NBSIEM+
Happy New Year! This month, we discuss the upcoming January 2024 enhancements of NBSIEM+ and our plans for this unifying platform in 2024 and beyond. As you may be aware, our goal is to unify all Network Box reporting and user/administrative interfaces into one single system called NBSIEM+. This allows for seamless overview, administration, and management of Network Box services no matter how they are delivered (physical devices, virtual devices, or multi-tenanted cloud). On pages 2 to 3, we discuss these enhancements in greater detail.
In this month’s Global Security Headlines, there were security issues with Google, 23andMe, and Apple iPhones, and authorities seized $300m from 3,500 cyber scammers. Additionally, Network Box Germany’s Dariush Ansari had an article about AI in cybercrime published in Connect-Professional, and the latest HPCC Hackpod Club episode is now available. And finally, Network Box has compiled key In the Boxing Ring articles in the 2023 Network Box Technology Review.
In the Boxing Ring
2023
Network Box
Technology Review 2023
Compilation of key In the Boxing Ring technology news, features, and articles from 2023.
December 2023
Understanding Company’s Security Posture (part 2)
November 2023
Understanding Company’s Security Posture
October 2023
Why Government Legislation is Imperative for Strengthening Cybersecurity
September 2023
Barracuda ESG Zero-Day Vulnerability
August 2023
Artificial Intelligence and Machine Learning
July 2023
Scanning and the External Threat View
June 2023
Managed Zero-Trust End-Point Security
May 2023
Configuration Reviews
April 2023
SSL/TLS Certificates and Authorities
March 2023
Issues with DNS
February 2023
The Whitelisting Approach - Zero Trust Endpoint Security
January 2023
Network Box Services in 2023
In the Boxing Ring
2022
Network Box
Technology Review 2022
Compilation of key In the Boxing Ring technology news, features, and articles from 2022.
December 2022
The Whitelisting Approach to Cybersecurity
November 2022
Cybersecurity Budget: Making Your Business Case
by Pierluigi Stella
October 2022
The Network Box Approach to your Privacy
September 2022
Cloud SSL Server and Certificate Reputation Services
August 2022
NBSIEM+ Enhancements
July 2022
AI and Cybersecurity
by Pierluigi Stella
June 2022
Ransomware and the Dark Web
May 2022
The Network Box Difference
April 2022
Network Box Best Practices
March 2022
Network Box Mobile Application Framework
February 2022
Network Box App - Mobile SIEM+
January 2022
Network Box Services in 2022
In the Boxing Ring
2021
Network Box Technology Review 2021
Compilation of key In the Boxing Ring technology news, features, and articles from 2021.
December 2021
Network Box Web Client Protection
November 2021
Global Monitoring System Ticketing Rules
October 2021
Network Box Email Protection
September 2021
Network Box Anti-Malware Solution
August 2021
Network Box Intrusion Detection and Prevention (IDP)
July 2021
Network Box SD-WAN (Software-Defined Wide Area Network)
June 2021
Security Hesitancy
May 2021
Market Share versus Vulnerability
April 2021
Herd Immunity from Computer Worms
March 2021
Vulnerability Scanning
February 2021
If you can connect it, protect it
January 2021
Network Box platform in 2021 and beyond
In the Boxing Ring
2020
Network Box
Technology Review 2020
Compilation of key In the Boxing Ring technology news, features, and articles from 2020.
December 2020
Safely and Securely Working from Home
November 2020
Virtual Patching
October 2020
Privacy and MAC Address Randomization
September 2020
Bugs, Crashes, and Vulnerabilities
August 2020
Top-Level Domains
July 2020
Core Engine Upgrades
June 2020
Viruses: Biological versus Computer
May 2020
Box Office User Management
April 2020
Business Continuity in the time of COVID-19 Lockdowns
March 2020
When a password doesn’t seem like a password (and you give it out to a stranger)
February 2020
Cloud Notifications
January 2020
A look ahead to the Network Box platform in 2020 and beyond
In the Boxing Ring
2019
Network Box
Technology Review 2019
Compilation of key In the Boxing Ring technology news, features, and articles from 2019.
December 2019
'Tis the season to be wary: Top 7 security tips to keep your business protected during the holidays
November 2019
Sextortion Scams
October 2019
Cyber Security Awareness Month: 5 Key Suggestions for IT Managers
September 2019
S-80i Hardware Platform
August 2019
The Network Box Difference
July 2019
Dark Web Monitoring Service [version 2]
June 2019
Administrative Systems access from the Internet
May 2019
Network Box Spam Reporter
by Michael Gazeley
April 2019
Network Box Cybersecurity Ethos
March 2019
Password Policies
February 2019
The Dark Side of the Internet
by Michael Gazeley
January 2019
Network Box Security Services in 2019 and Beyond
In the Boxing Ring
2018
Network Box
Technology Review 2018
Compilation of key In the Boxing Ring technology news, features, and articles from 2018.
December 2018
Dark Web Monitoring
by Michael Gazeley
November 2018
NBSIEM+ Events Logs at Big Data Scale
October 2018
The Internet of Things
by Michael Gazeley
September 2018
NBSIEM+ Logging Options
August 2018
NBRS-3 End of Life Support
July 2018
Social Engineering
June 2018
PCI-DSS Compliance
May 2018
A plea for Dual Factor
April 2018
Network Box 5.5 Managed Security Service Platform
March 2018
Moving from Log Event to Security Incident base Response
February 2018
Network Box Reputation Database
January 2018
Network Box Managed Security in 2018 and beyond
In the Boxing Ring
2017
Network Box
Technology Review 2017
Compilation of key In the Boxing Ring technology news, features, and articles from 2017.
December 2017
Physical Security
November 2017
Cloud Reputation Service
October 2017
WannaCry & NSA, how they're connected
by Pierluigi Stella
September 2017
Have you been Pwned?
August 2017
Spear Phishing
July 2017
● Cloud Dynamic DNS
● UTM-5Q and VPN-5Q Hardware Platform
June 2017
● How to Survive a Trojan/Ransomware Attack
● Reducing the Risk of SNMP Abuse
May 2017
Encrypted Email
April 2017
● Dual Factor Box Office
● HTTPS Interception (when done right) Strengthens TLS Security
March 2017
Spam Traps
February 2017
Spear Phishing
by Pierluigi Stella
January 2017
PCI Security Standards
In the Boxing Ring
2016
Network Box
Technology Review 2016
Compilation of key In the Boxing Ring technology news, features, and articles from 2016.
December 2016
The Changing Landscape of Cyber Security
November 2016
● PULL vs PUSH vs Online Signatures
● Admin and User Portal Enhancements
October 2016
Why you need WAF [part 3 of 3]
by Pierluigi Stella
September 2016
Why you need WAF [part 2 of 3]
by Pierluigi Stella
August 2016
● Why you need WAF [part 1 of 3] by Pierluigi Stella
● INFL botnet cac URL Category and Proxy Infected LAN
July 2016
● Network Box 5 Mail Scanning Pattern Engine
● Network Box 5 Mail Scanning 'bulk' Classification
June 2016
● Network Box Notification System
● Network Box App
May 2016
The Harvard Report on Encryption
by Pierluigi Stella
April 2016
● Security Alert Condition: Threat Level 4
● Links vs Malware
March 2016
Cyber Crimes & Cyber Terrorism
by Pierluigi Stella
February 2016
High-Value Targets: Point of Sales, Credit Cards, Customer Information
January 2016
2015: Year in Focus
In the Boxing Ring
2015
Network Box
Technology Review 2015
Compilation of key In the Boxing Ring technology news, features, and articles from 2015.
December 2015
Network Box 5.3 Managed Cyber Security Platform
November 2015
The ONE Vulnerability
October 2015
Network Box Special Report: Analysis of an email attack
by Pierluigi Stella and Andrew Tynefield
September 2015
Network Box S-38i and S-68i Hardware Platform
August 2015
● Unification of ACLs and Rules Engine
● NBRS-3 Sunset Announcement
July 2015
VPN Reporting [part 2 of 2]
June 2015
● Network Box VPN-5 Hardware Platform
● VPN Reporting [part 1 of 2]
May 2015
Proxying SSL [part 2 of 2]
April 2015
Proxying SSL [part 1 of 2]
March 2015
Data Breaches: Identify and Remediate
February 2015
Core Library Vulnerabilities
January 2015
Cloud DNS Backup
In the Boxing Ring
2014
Network Box
Technology Review 2014
Compilation of key In the Boxing Ring technology news, features, and articles from 2014.
December 2014
● Frontline Protection and Infected LANs
● Event Correlation
November 2014
Network Box Cloud Mail Backup
October 2014
Shell Shock
September 2014
Trust, in an unforgiving Cyber World
August 2014
Domain Name System (DNS) Amplification and other Attacks
July 2014
Key Performance Indicators (KPI)
June 2014
The Vulnerability of Everything
May 2014
Network Box 5 User Interface Enhancement
April 2014
Network Box 5 Administrative Portal
March 2014
Security Modules and Security Packages; Security Package Matrix
February 2014
The Entity Management system
January 2014
● Focus on the Next Attack (not just the last one) by Michael Gazeley
● 2013 Threat Round-Up
In the Boxing Ring
2013
Network Box
Technology Review 2013
Compilation of key In the Boxing Ring technology news, features, and articles from 2013.
December 2013
Network Box 5 SSL Proxy
November 2013
Network Box 5 Software and Hardware Platform
October 2013
IDS/IPS vs WAF
September 2013
● Network Box Mail Scanning
● Network Box WAF+ File Scanning
August 2013
● Network Box Application Identification Framework
● Real-Time Detection and Blocking of Outbound Trojan Activity for Network Box 5
July 2013
● Real-Time Detection and Blocking of Outbound Trojan Activity
● OWASP Top 10
June 2013
● Network Box Features and Roadmap
● SSL Security Strategy [part 4 of 4]
May 2013
How to Survive a DDoS Attack
April 2013
SSL Security Strategy [part 3 of 4]
March 2013
● Java Vulnerabilities and Exploits
● SSL Security Strategy [part 2 of 4]
February 2013
● DNS, Mail and 512 bytes
● SSL Security Strategy [part 1 of 4]
January 2013
● 2012 Threat Round-Up
● Network Box 5
In the Boxing Ring
2012
December 2012
Anti-DDoS WAF+ Overview
November 2012
Application Identification
October 2012
Denial of Service & Distributed Denial of Service
September 2012
S-SCAN: Expanded categories list
August 2012
The Importance of Direction
July 2012
Engines vs Signatures vs Heuristics
June 2012
● Network Box - IPv6 Ready
● Testing Network Box 5 Web Application Firewall
May 2012
Network Box 5 SSL
April 2012
Network Box 5 Web Application Firewall
March 2012
Firewalling Web Applications
February 2012
Network Box 5 IPv6
January 2012
● 2011 Threat Round-Up
● Network Box in 2012 and Beyond
In the Boxing Ring
2011
December 2011
Network Box 5 Quality of Service
November 2011
Network Box 5 High Availability, Load Balancing & Clustering
October 2011
Network Box 5 Intrusion Prevention
September 2011
Network Box 5 Firewall
August 2011
Network Box 5 Network Architecture
July 2011
Network Box 5 Provisioning Architecture
June 2011
Network Box 5 Base Platform
May 2011
Network Box 5 Configuration System
April 2011
Network Box 5 Overview
March 2011
Data Leakage Prevention
February 2011
IPv6 - The Next Generation Internet Protocol
January 2011
● 2010 Threat Round-Up
● Network Box in 2011 and Beyond
In the Boxing Ring
2010
December 2010
Nested ‘.bin’ Blocks and Office 2007
November 2010
● M-385 Hardware Platform
● Global Monitoring System Ticketing and Device Monitoring
● Box Office Notifications and iOS
October 2010
● An Update on Network Box Sentinel
● A Preview of Network Box Notification
September 2010
Network Box Sentinel Anti-Virus Engine
August 2010
Security Snake Oil
July 2010
Network Box Spam Traps
June 2010
Network Box as a Transparent Proxy
May 2010
● Network Vulnerability Scanning
● Difficulty in Differentiating Between Spam and Malware
April 2010
● ISO/IEC 27001:2005 Certification
● Vulnerability Scanning
● iPhone and iPad App
March 2010
● Migration of the DNS Root Zone to DNSSEC
● Testing for DNSSEC Compatibility
● Multi-Lingual Box Office and my.network-box.com
February 2010
S-25, S-35, S-85, M-255 and M-285 Hardware Platform
January 2010
2009 Threat Round-Up
In the Boxing Ring
2009
December 2009
● Bandwidth Usage - Network Box Survey Results
● System Resilience - Hardening Internet Protocols against Failure
November 2009
● Email - SMTP, POP3 and IMAP4 Protocols
● Anti-Spam and Whitelisting / Blacklisting
October 2009
● New NBIPDS System Enters Public Beta
● Network Box and the Microsoft Active Protections Program
September 2009
Mail Portal and MY.NETWORK-BOX.COM Enhancements
August 2009
● Mail Portal Enhancements
● Mail Scanning Enhancements
July 2009
● Network Box Virtual Private Network (VPN)
● Network Box SQL Injection Advice
June 2009
● Network Box Intrusion Detection & Prevention
● Network Box Office Customer Portal Hints
May 2009
● Network Box Office Customer Portal
● Encrypted SMTP Email
● Network Box Intrusion Detection & Prevention System
April 2009
● Conficker Network Scanner
● Certificate Authority and SSL VPNs
● Mail Scanning
● Sender Policy Framework
March 2009
● my.network-box.com Enhancements
● Relationship Spam Score Adjustments
● Proxy Vulnerability
February 2009
● Relationship Spam Score Adjustments
● Whitelisting your own domain
● Outbound Policies
January 2009
● 2008 Round-Up
● 2009 Preview
● CVE 2008-4844
In the Boxing Ring
2008
December 2008
● McColo Shutdown
● MS08-067 Worm
● Network Box Global Monitoring System
November 2008
● Fuzzy Fingerprints
● Network Box Challenge Response
October 2008 Supplement
● Network Box Customer Portal
October 2008
● Anti-Spam and Anti-Virus Relationships
● Network Box Relationship Management
September 2008
● Storm Botnet
● Box Office Regional Mirrors
● Google Safe
August 2008
● Network Box Office
● DNS Attacks
July 2008
● SPAM Back-Scatter
● SQL Injection Attacks
● Anonymous Proxies
● Uncategorized URLs